Description
A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the TransactionController of the Mohammed-eid35 bank-management-system-springboot application. An attacker can bypass authorization controls when interacting with the transaction endpoint, leading to unauthorized exposure or manipulation of transaction data. This flaw aligns with the weaknesses of CWE‑266 and CWE‑285, indicating that the system fails to enforce proper privilege checks and authorizations.

Affected Systems

The affected product is Mohammed‑eid35 bank‑management‑system‑springboot. No specific release numbers are available because the project uses rolling releases, but the vulnerability applies to commits up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948.

Risk and Exploitability

The CVSS base score of 5.3 classifies the issue as medium severity. The Exploit Prediction Scoring System (EPSS) score is not available, so current exploitation likelihood cannot be quantified. The vulnerability is publicly disclosed and can be triggered remotely through the transaction endpoint. However, the project's maintainers have not yet released a fix, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting limited exploitation activity to date.

Generated by OpenCVE AI on June 8, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the most recent commit that includes an authorization fix, if one is available.
  • If a fix is not yet available, temporarily restrict access to the transaction endpoint by limiting it to trusted IP ranges or enforcing additional authentication measures.
  • Implement monitoring of transaction logs to detect and alert on suspicious or unauthorized activity.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
  • Description: A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
  • Title: Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization
  • First Time appeared: Mohammed-eid35; Mohammed-eid35 bank-management-system-springboot
  • Weaknesses: CWE-266; CWE-285
  • CPEs: cpe:2.3:a:mohammed-eid35:bank-management-system-springboot:*:*:*:*:*:*:*:*
  • Vendors & Products: Mohammed-eid35; Mohammed-eid35 bank-management-system-springboot
  • References
  • Metrics:
      cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T16:29:03.805Z

Reserved: 2026-06-07T16:04:49.354Z

Link: CVE-2026-11521

Vulnrichment

Updated: 2026-06-08T16:28:59.402Z

NVD

Status: Deferred

Published: 2026-06-08T15:16:44.000

Modified: 2026-06-09T01:34:33.987

Link: CVE-2026-11521

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T08:57:05Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-285

    Improper Authorization